What will you be doing?
We are looking for a Senior DevSecOps to design, implement, maintain and monitor our security and DevOps infrastructure, processes and tools. This includes responsibility for executing tools and processes to support end-to-end provisioning, facilitating automation wherever possible.
· Monitor, maintain, improve and secure existing services and processes
· Design and implement new processes and environments
· Manage our PCI DSS Level 1 compliant environments
· Identify and resolve infrastructural bugs
· Drive the success of our systems’ advancements, cooperating with the development and support teams
· Stay current on industry trends and implement best practices within DevSecOps
· Develop and maintain documentation for security systems and procedures
· Monitor vulnerabilities and new threat trends
· And much, much more!
What you need for this position
8+ years of experience and knowledge of:
· Linux, Unix, Windows administration
· AWS cloud services such as EC2, RDS, ELB, S3, EFS, VPC
· Monitoring tools (Zabbix, Nagios, etc.)
· Centralized log management (ELK, Graylog)
· Automating application scanning/penetration testing + integration with remediation processes
· Configuration management software (Terraform, CloudFormation, Chef, Ansible, Puppet, etc.)
· AWS services, standards, and best practices
· Network architecture, protocols, and standards
· Code-scanning tools: Checkmarx, AppScan, Fortify, BlackDuck, SourceClear, WhiteSource
· Docker, Kubernetes, Terraform, Jenkins CI/CD, Git, WAF, SQL/NoSQL, Apache/Nginx, etc.
· OWASP, PCI DSS, and CIS security standards
· Excellent organizational, analytical and problem-solving skills
Nice to have knowledge/experience
· Experience with Agile methodologies
· Knowledge of PCI DSS/GDPR process and compliance
· Previously worked in a start-up company
· Certifications in DevOps and/or cloud security and architecture (Amazon AWS Certified Solutions Architect, Amazon AWS Certified DevOps Engineer, etc.)
· Experience with tools for accessing secrets securely (CyberArk DCA, etc.)
· Effective written and oral communication with multiple roles involving both business and technical sides